Security Policy conflicts with non-crossdomain textures

I am making a game that utilizes GetPixel to build a billboard for a 3D object – some might say that it’s possible to do without GetPixel but I’m doing some post-processing to the rendered image to make it look better. It worked fine with Unity2.x but now that I’m trying to upgrade the engine to Unity3 it began to conflict with the cross domain policy.

The problem is that I am downloading some external images for GUI usage – to be more specific, user photos from Facebook. I DO NOT utilize these in making billboards – I use them only for GUI and no 3D object uses them. Yet I’m getting an exception when calling GetPixel using the render target texture. The exception message is as follows:

System.Security.SecurityException: Reading from the screen is not allowed when you have used a downloaded texture without proper crossdomain.xml authorization

Shouldn’t Unity check whether textures without crossdomain.xml are actually used for the scene rendering and generate such exception? Is there any workaround for this kind of problem?

I would appreciate any comments. Thanks!

I just found out that Unity3 shuts down the GetPixel ability just by downloading non-crossdomain images that are not even used in rendering – is this intended?

GetPixel is shut down on any dynamically loaded image, be it from hard disk, WWW or wherever.
GetPixel / SetPixel is disabled by default and can only be changed through the editor, i.e. on textures that are part within your application.

I had to download the images to the server that has crossdomain.xml then relay them to the client. It is possible to get pixel information of any non-crossdomain images on the web using this method – what’s the point of shutting it down in the first place?

Is there any workaround for it?
I assume this is intentional, but is there any way to trick it?

The point of this annoying security “feature” is that it ensures that you are not trying to download images from unsuspecting web users’ private networks, and sending them back to your own server.

These 3.x security measures are a pain, however they are necessary to ensure that the Unity webplayer cannot be used for harm. If it could, nobody would want to install it anymore, which would hurt all Unity devs a lot more than the annoying security measures.

Bye, Lucas

Yes, I understand the reason for the policy and agree it’s a good idea.
Just wondering if there’s a legitimate way around it?
I’d like to create an application that uses images that the user uploads, not hacking into their system :)
There must be a way for the users to upload the pictures to, let’s say, my own server that has a crossdomain.xml and then read it from there. But can you do it from within Unity? Or does it have to be external?

I am answering my own question:

We were able to resolve this problem by setting up a proxy to the download file with the cross-domain policy problem.

No cross-domain problem no GetPixel shut down. :]
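A relay like the one described in this thread should fetch only from the hosts it was built for, so that it does not hand out pixel access to arbitrary or private-network images. The following is an added example, not part of the original posts or Unity's code; the host names in `ALLOWED_HOSTS`, the function names and the sample URLs are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the only hosts this relay fetches photos from (placeholder names).
ALLOWED_HOSTS = {"photos.example.com", "cdn.example.net"}

def host_allowed(host):
    """True if host is an allowlisted name or a subdomain of one."""
    host = host.rstrip(".").lower()
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

def is_relayable(url):
    """Decide whether the relay may fetch this URL on a client's behalf."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False  # reject user:pass@host forms that disguise the real host
    host = parts.hostname
    if not host or port not in (None, 80, 443):
        return False
    try:
        ipaddress.ip_address(host)
        return False  # IP literals never belong to a named allowlist
    except ValueError:
        pass
    return host_allowed(host)

def addresses_are_public(addresses):
    """Check the addresses the host resolved to, just before connecting."""
    if not addresses:
        return False
    return all(ipaddress.ip_address(a).is_global for a in addresses)

# Constructed sample requests, as a client might send them to the relay.
SAMPLES = [
    "https://img.cdn.example.net/u/1.jpg",
    "https://photos.example.com.evil.test/a.jpg",
    "http://photos.example.com@10.0.0.5/a.jpg",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", "relay" if is_relayable(url) else "refuse")
```

The relay would call `is_relayable` on the requested URL and `addresses_are_public` on the resolved addresses, and connect only if both pass.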

Great way to get internet security software to put you onto the red / block + confirm list, cause you break existing internet standards for the sake of whatever.
Unless this is for a customer or in-house where this special policy is agreed, you just ensure that you are not going far at all without a lot of PR nightmare fun.